I’ve tried different solutions for automatic backup of Cisco devices for different clients, including Python SSH scripting and so on. Cisco includes the “archive” and “kron” commands in its routers and switches, which help us with this task and make it very easy. In this tutorial we describe how to set up a better solution than a TFTP server, using the FTP protocol with pure-ftpd on CentOS 7.
tasks:
– scheduled backup of running-config file on remote FTP server
– automatic snapshot at every write memory command
steps:
– pure-ftp installation
– Cisco device configuration
Pure-ftp
in this configuration we’re gonna use virtual user access (no PAM or Unix access)
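install the epel repository package (pure-ftpd comes from EPEL, so the repository has to be in place before pure-ftpd can be installed)
yum install -y epel-release
install pure-ftp
yum install -y pure-ftpd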
configure pure-ftpd and set some security settings
vim /etc/pure-ftpd/pure-ftpd.conf
here are some settings:
AnonymousOnly no
NoAnonymous yes
PureDB /etc/pure-ftpd/pureftpd.pdb
PAMAuthentication no
UnixAuthentication no
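To confirm the file really ends up with these values after editing (a line left commented out is easy to miss), here is a small check as an added example. It is not part of pure-ftpd or of the original tutorial, and the function names and the sample file are constructed for the illustration.

```shell
#!/bin/sh
# Added example: audit pure-ftpd.conf against the settings listed above.
# Expected values are the tutorial's; everything else here is constructed.
EXPECTED='AnonymousOnly no
NoAnonymous yes
PureDB /etc/pure-ftpd/pureftpd.pdb
PAMAuthentication no
UnixAuthentication no'

# Print the value of directive $2 in file $1. Comments are stripped; if the
# directive is repeated, the last one is reported (assumption of this example).
conf_value() {
    awk -v key="$2" '
        { sub(/#.*/, "") }
        $1 == key { val = $2 }
        END { if (val != "") print val }
    ' "$1"
}

# Print one line per directive and return the number of findings.
# An absent or commented-out directive counts as a finding.
audit_pureftpd_conf() {
    findings=0
    while read -r key want; do
        got=$(conf_value "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "OK      $key $got"
        else
            echo "FINDING $key is '${got:-unset}', expected '$want'"
            findings=$((findings + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    return "$findings"
}

# Constructed sample: NoAnonymous and PureDB left commented out, PAM still on.
write_sample() {
    cat > "$1" <<'EOF'
AnonymousOnly        no
# NoAnonymous        yes
# PureDB             /etc/pure-ftpd/pureftpd.pdb
PAMAuthentication    yes
UnixAuthentication   no
EOF
}

sample=$(mktemp); write_sample "$sample"
audit_pureftpd_conf "$sample" || echo "$? finding(s)"
rm -f "$sample"
```

On the server, run it against the real file with audit_pureftpd_conf /etc/pure-ftpd/pure-ftpd.conf.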
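on the CentOS system we create a system user for pure-ftpd with its own group (the group has to exist before useradd can reference it with -g):
[root@centos]# groupadd ftp_user
[root@centos]# useradd ftp_user -g ftp_user -s /sbin/nologin -d /dev/null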
let’s create a folder to be used for the FTP-server
[root@centos]# mkdir -p /home/user/ftp-folder/
change folder permissions
[root@centos]# chown -R ftp_user:ftp_user /home/user/ftp-folder/
create a virtual user “bob” with home folder /home/user/ftp-folder/
[root@centos]# pure-pw useradd bob -u ftp_user -g ftp_user -d /home/user/ftp-folder/ -m
enter the password when prompted.
create virtual user database with this command:
[root@centos]# pure-pw mkdb
list users with folders
[root@centos]# pure-pw list
our ftp server is ready
Cisco Devices settings
in this case we want to configure an automatic configuration backup every time we save changes to our device with the command “copy run start” and every day at 01:00 am
Switch1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch1(config)#archive
Switch1(config-archive)#path ftp://your_ftp_ip_address/
Switch1(config-archive)#exit
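insert the login parameters used to access the FTP server (the password is stored in the device configuration and FTP sends it in clear text, so use an account that exists only for these backups)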
Switch1(config)#ip ftp username bob
Switch1(config)#ip ftp password bob_passwd
enable backup every time we save the configuration:
Switch1(config)#archive
Switch1(config-archive)#write-memory
Switch1(config-archive)#exit
in this case when we execute “wr” or “copy running-config startup-config” there’ll be a configuration transfer to our FTP server
if we want to schedule an automatic backup we have to set up the kron command
Switch1(config)#kron policy-list AUTOMATIC_BACKUP
Switch1(config-kron-policy)#cli write memory
Switch1(config-kron-policy)#exit
Switch1(config)#kron occurrence BACKUP_SCHEDULE at 1:00 recurring
Switch1(config-kron-occurrence)#policy-list AUTOMATIC_BACKUP
with the command:
sh archive
we can check if everything is ok.
using sh kron schedule
Switch1#sh kron schedule
Kron Occurrence Schedule
BACKUP_SCHEDULE inactive, will run again in 0 days 22:56:22 at 1:00 on
we have information about the next time the schedule will be executed.
at this point we have a working system for automatic backup of cisco devices.
The remaining problem is rotating out the older files that we don’t need to store, using logrotate. This will be the topic of the next tutorial.
enjoy